1 # Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
3 # Redistribution and use in source and binary forms, with or without
4 # modification, are permitted provided that the following conditions
6 # 1. Redistributions of source code must retain the above copyright
7 # notice, this list of conditions and the following disclaimer.
8 # 2. Redistributions in binary form must reproduce the above copyright
9 # notice, this list of conditions and the following disclaimer in the
10 # documentation and/or other materials provided with the distribution.
12 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
13 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
16 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
19 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
20 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
21 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 # This is a tools-level test for NFSv4 ACL functionality. Run it as root
28 # using an ACL-enabled kernel:
30 # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
32 # WARNING: Creates files in an unsafe way.
# The commands below use fixed names (xxx, yyy, zzz, nnn, ddd) in the current
# directory and later prepend entries to the ACL of "." itself, all as root.
# Run it only from a dedicated, empty scratch directory on a test machine.
38 # Smoke test for getfacl(1).
# Expected lines read principal:permissions:inheritance flags:type, where the
# type is allow or deny. Both listings below are the same six entries: one
# deny/allow pair each for owner@, group@ and everyone@.
# NOTE(review): the commands that create the file and print the two listings
# are not visible in this listing - confirm against the original test.
44 > owner@:--x-----------:-------:deny
45 > owner@:rw-p---A-W-Co-:-------:allow
46 > group@:-wxp----------:-------:deny
47 > group@:r-------------:-------:allow
48 > everyone@:-wxp---A-W-Co-:-------:deny
49 > everyone@:r-----a-R-c--s:-------:allow
52 > owner@:--x-----------:-------:deny
53 > owner@:rw-p---A-W-Co-:-------:allow
54 > group@:-wxp----------:-------:deny
55 > group@:r-------------:-------:allow
56 > everyone@:-wxp---A-W-Co-:-------:deny
57 > everyone@:r-----a-R-c--s:-------:allow
59 # Check verbose mode formatting.
# The long permission names spell out, letter for letter, the compact strings
# of the six-entry listings earlier in the file:
#   r read_data         w write_data         x execute      p append_data
#   a read_attributes   A write_attributes   R read_xattr   W write_xattr
#   c read_acl          C write_acl          o write_owner  s synchronize
# The inheritance-flags field is empty here, hence the "::" before the type.
# NOTE(review): the getfacl invocation for this listing is not visible here.
64 > owner@:execute::deny
65 > owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow
66 > group@:write_data/execute/append_data::deny
67 > group@:read_data::allow
68 > everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny
69 > everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
# -a2 inserts the new entries at position 2, counting from 0: in the expected
# listing they sit after the owner@ pair and before the group@ pair.
# write_acl (C) is the right to change this ACL and read_acl (c) the right to
# read it, so an allow entry for C hands its holder control over every other
# entry of the file.
# NOTE(review): the listing prints numeric ids (user:0, group:1); the getfacl
# command that produces it is not visible here.
72 $ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx
77 > owner@:--x-----------:-------:deny
78 > owner@:rw-p---A-W-Co-:-------:allow
79 > user:0:-----------C--:-------:allow
80 > group:1:----------c---:-------:deny
81 > group@:-wxp----------:-------:deny
82 > group@:r-------------:-------:allow
83 > everyone@:-wxp---A-W-Co-:-------:deny
84 > everyone@:r-----a-R-c--s:-------:allow
86 # Test user and group name resolving.
# Principals given by name (root, daemon) are expected back by name, in the
# same two positions as the numeric user:0 / group:1 entries of the previous
# case.
# NOTE(review): the expected listing has eight entries, so the ACL was
# presumably reset before this command; that step is not visible here.
89 $ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx
94 > owner@:--x-----------:-------:deny
95 > owner@:rw-p---A-W-Co-:-------:allow
96 > user:root:-----------C--:-------:allow
97 > group:daemon:----------c---:-------:deny
98 > group@:-wxp----------:-------:deny
99 > group@:r-------------:-------:allow
100 > everyone@:-wxp---A-W-Co-:-------:deny
101 > everyone@:r-----a-R-c--s:-------:allow
103 # Check whether ls correctly marks files with "+".
# cut keeps the first space-separated field of ls -l, i.e. the mode column.
# NOTE(review): the expected output line is not visible here.
104 $ ls -l xxx | cut -d' ' -f1
107 # Test removing entries by number.
# Compared with the eight-entry numeric listing earlier in the file, the
# expected result no longer has the group@ deny/allow pair.
# NOTE(review): the removal commands themselves are not visible here.
114 > owner@:--x-----------:-------:deny
115 > owner@:rw-p---A-W-Co-:-------:allow
116 > user:0:-----------C--:-------:allow
117 > group:1:----------c---:-------:deny
118 > everyone@:-wxp---A-W-Co-:-------:deny
119 > everyone@:r-----a-R-c--s:-------:allow
# Prepend the same everyone@ deny entry three times, then modify with an
# empty permission field. The first expected listing shows every everyone@
# deny entry emptied: the three new ones and the older one that used to deny
# -wxp---A-W-Co-. An emptied deny entry blocks nothing, so -m applied to a
# deny entry also clears restrictions held by entries this run did not add;
# what everyone@ may do is then decided by the allow entries alone.
# The second expected listing shows the same nine entries with names and a
# trailing numeric id (presumably a different getfacl option - confirm; the
# getfacl commands are not visible here).
122 $ setfacl -a0 everyone@:rwx:deny xxx
123 $ setfacl -a0 everyone@:rwx:deny xxx
124 $ setfacl -a0 everyone@:rwx:deny xxx
125 $ setfacl -m everyone@::deny xxx
130 > everyone@:--------------:-------:deny
131 > everyone@:--------------:-------:deny
132 > everyone@:--------------:-------:deny
133 > owner@:--x-----------:-------:deny
134 > owner@:rw-p---A-W-Co-:-------:allow
135 > user:0:-----------C--:-------:allow
136 > group:1:----------c---:-------:deny
137 > everyone@:--------------:-------:deny
138 > everyone@:r-----a-R-c--s:-------:allow
145 > everyone@:--------------:-------:deny
146 > everyone@:--------------:-------:deny
147 > everyone@:--------------:-------:deny
148 > owner@:--x-----------:-------:deny
149 > owner@:rw-p---A-W-Co-:-------:allow
150 > user:root:-----------C--:-------:allow:0
151 > group:daemon:----------c---:-------:deny:1
152 > everyone@:--------------:-------:deny
153 > everyone@:r-----a-R-c--s:-------:allow
155 # Make sure cp without any flags does not copy the ACL.
# Without -p the user, group and deny entries added to the source do not
# follow the file, so access rules expressed only as ACL entries are absent
# on the copy.
# NOTE(review): the cp command and the expected ls output are not visible here.
157 $ ls -l yyy | cut -d' ' -f1
160 # Make sure it does with the "-p" flag.
# Expected: the copy lists the same nine entries, in the same order, as the
# source file's numeric listing earlier in the file.
# NOTE(review): the cp -p and getfacl commands are not visible here.
167 > everyone@:--------------:-------:deny
168 > everyone@:--------------:-------:deny
169 > everyone@:--------------:-------:deny
170 > owner@:--x-----------:-------:deny
171 > owner@:rw-p---A-W-Co-:-------:allow
172 > user:0:-----------C--:-------:allow
173 > group:1:----------c---:-------:deny
174 > everyone@:--------------:-------:deny
175 > everyone@:r-----a-R-c--s:-------:allow
179 # Test removing entries by... by example?
# -x with an entry removes every entry that matches it: all four empty
# everyone@ deny entries of the nine-entry listing are gone from the first
# expected listing, which has five entries.
# The second expected listing is the six-entry ACL of the smoke test again.
# NOTE(review): the command that resets the ACL between the two listings is
# not visible here.
180 $ setfacl -x everyone@::deny xxx
185 > owner@:--x-----------:-------:deny
186 > owner@:rw-p---A-W-Co-:-------:allow
187 > user:0:-----------C--:-------:allow
188 > group:1:----------c---:-------:deny
189 > everyone@:r-----a-R-c--s:-------:allow
197 > owner@:--x-----------:-------:deny
198 > owner@:rw-p---A-W-Co-:-------:allow
199 > group@:-wxp----------:-------:deny
200 > group@:r-------------:-------:allow
201 > everyone@:-wxp---A-W-Co-:-------:deny
202 > everyone@:r-----a-R-c--s:-------:allow
# Mode column of xxx only. NOTE(review): expected output not visible here.
204 $ ls -l xxx | cut -d' ' -f1
207 # Check setfacl(1) and getfacl(1) with multiple files.
# Mode column of the three existing files. NOTE(review): expected output not
# visible here.
210 $ ls -l xxx yyy zzz | cut -d' ' -f1
# nnn does not exist. setfacl is expected to report the error for nnn and
# still apply the change to xxx, yyy and zzz: a failing operand does not stop
# processing of the remaining ones, so a caller cannot assume all-or-nothing.
215 $ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz
216 > setfacl: nnn: acl_get_file() failed: No such file or directory
# ls likewise reports nnn and continues with the other operands.
218 $ ls -l nnn xxx yyy zzz | cut -d' ' -f1
219 > ls: nnn: No such file or directory
# One error line for nnn, then three identical eight-entry listings: the new
# user:42 and group:43 entries come first, followed by the six-entry ACL.
224 $ getfacl -nq nnn xxx yyy zzz
225 > getfacl: nnn: stat() failed: No such file or directory
226 > user:42:--x-----------:-------:allow
227 > group:43:-w------------:-------:allow
228 > owner@:--x-----------:-------:deny
229 > owner@:rw-p---A-W-Co-:-------:allow
230 > group@:-wxp----------:-------:deny
231 > group@:r-------------:-------:allow
232 > everyone@:-wxp---A-W-Co-:-------:deny
233 > everyone@:r-----a-R-c--s:-------:allow
235 > user:42:--x-----------:-------:allow
236 > group:43:-w------------:-------:allow
237 > owner@:--x-----------:-------:deny
238 > owner@:rw-p---A-W-Co-:-------:allow
239 > group@:-wxp----------:-------:deny
240 > group@:r-------------:-------:allow
241 > everyone@:-wxp---A-W-Co-:-------:deny
242 > everyone@:r-----a-R-c--s:-------:allow
244 > user:42:--x-----------:-------:allow
245 > group:43:-w------------:-------:allow
246 > owner@:--x-----------:-------:deny
247 > owner@:rw-p---A-W-Co-:-------:allow
248 > group@:-wxp----------:-------:deny
249 > group@:r-------------:-------:allow
250 > everyone@:-wxp---A-W-Co-:-------:deny
251 > everyone@:r-----a-R-c--s:-------:allow
# Same error pattern for -b with the missing operand.
# NOTE(review): the resulting ACLs are not listed in the visible lines.
253 $ setfacl -b nnn xxx yyy zzz
254 > setfacl: nnn: acl_get_file() failed: No such file or directory
256 $ ls -l nnn xxx yyy zzz | cut -d' ' -f1
257 > ls: nnn: No such file or directory
264 # Test applying mode to an ACL.
# Four cases follow. Each one prepends four user entries with -a0 (the first
# case also removes the everyone@ allow entry with -x) and expects a listing
# in which every user allow entry is preceded by a deny entry for that user.
# The permission bits in those deny entries and in the owner@/group@/everyone@
# tail differ from case to case.
# In the first case the expected listing additionally keeps the older
# owner@/group@/everyone@ entries with their rwxp bits cleared and appends a
# fresh six-entry tail; the other three cases end in a single six-entry tail.
# NOTE(review): the commands between each setfacl and its listing are not
# visible here; presumably a chmod with a different mode per case - confirm.
266 $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx
272 > user:42:r-------------:-------:deny
273 > user:42:r-------------:-------:allow
274 > user:43:-w------------:-------:deny
275 > user:43:-w------------:-------:allow
276 > user:44:--x-----------:-------:deny
277 > user:44:--x-----------:-------:allow
278 > owner@:--------------:-------:deny
279 > owner@:-------A-W-Co-:-------:allow
280 > group@:--------------:-------:deny
281 > group@:--------------:-------:allow
282 > everyone@:-------A-W-Co-:-------:deny
283 > owner@:--x-----------:-------:deny
284 > owner@:rw-p---A-W-Co-:-------:allow
285 > group@:rwxp----------:-------:deny
286 > group@:--------------:-------:allow
287 > everyone@:rwxp---A-W-Co-:-------:deny
288 > everyone@:------a-R-c--s:-------:allow
# Mode column after the change. NOTE(review): expected output not visible here.
289 $ ls -l xxx | cut -d' ' -f1
# Second case: the generated deny entry for user:42 is empty.
295 $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
301 > user:42:--------------:-------:deny
302 > user:42:r-------------:-------:allow
303 > user:43:-w------------:-------:deny
304 > user:43:-w------------:-------:allow
305 > user:44:--x-----------:-------:deny
306 > user:44:--x-----------:-------:allow
307 > owner@:--x-----------:-------:deny
308 > owner@:rw-p---A-W-Co-:-------:allow
309 > group@:rwxp----------:-------:deny
310 > group@:--------------:-------:allow
311 > everyone@:rwxp---A-W-Co-:-------:deny
312 > everyone@:------a-R-c--s:-------:allow
313 $ ls -l xxx | cut -d' ' -f1
# Third case: deny entries repeat r for user:42 and x for user:44.
319 $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
325 > user:42:r-------------:-------:deny
326 > user:42:r-------------:-------:allow
327 > user:43:-w------------:-------:deny
328 > user:43:-w------------:-------:allow
329 > user:44:--x-----------:-------:deny
330 > user:44:--x-----------:-------:allow
331 > owner@:rw-p----------:-------:deny
332 > owner@:--x----A-W-Co-:-------:allow
333 > group@:r-x-----------:-------:deny
334 > group@:-w-p----------:-------:allow
335 > everyone@:-wxp---A-W-Co-:-------:deny
336 > everyone@:r-----a-R-c--s:-------:allow
337 $ ls -l xxx | cut -d' ' -f1
# Fourth case: the generated deny entry for user:44 is empty.
343 $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
349 > user:42:r-------------:-------:deny
350 > user:42:r-------------:-------:allow
351 > user:43:-w------------:-------:deny
352 > user:43:-w------------:-------:allow
353 > user:44:--------------:-------:deny
354 > user:44:--x-----------:-------:allow
355 > owner@:-wxp----------:-------:deny
356 > owner@:r------A-W-Co-:-------:allow
357 > group@:rw-p----------:-------:deny
358 > group@:--x-----------:-------:allow
359 > everyone@:r-x----A-W-Co-:-------:deny
360 > everyone@:-w-p--a-R-c--s:-------:allow
361 $ ls -l xxx | cut -d' ' -f1
# Directory cases on ddd. The third field holds the inheritance flags; the
# letters used below are f, d, i and n (file_inherit, dir_inherit,
# inherit_only, no_inherit in setfacl(1) terms). Two more permission letters
# appear here: D delete_child and d delete.
# Each -a0 prepends, so entries from the last -a0 command come first in the
# listing. The final -m leaves an everyone@ allow entry carrying the f and i
# flags as the last line of the first expected listing.
# The second expected listing keeps the inheritable entries, adds i to the
# ones that had only d, and follows each with flagless copies.
# NOTE(review): the command between the two listings is not visible here;
# presumably a chmod on ddd - confirm.
365 $ setfacl -a0 group:44:rwapd:allow ddd
366 $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
367 $ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
368 $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
373 > user:42:r-x-----------:f-i----:allow
374 > group:42:-w--D---------:-d-----:allow
375 > group:43:-w--D---------:-d-----:deny
376 > group@:-----da-------:-------:allow
377 > group:44:rw-p-da-------:-------:allow
378 > owner@:--------------:-------:deny
379 > owner@:rwxp---A-W-Co-:-------:allow
380 > group@:-w-p----------:-------:deny
381 > group@:r-x-----------:-------:allow
382 > everyone@:-w-p---A-W-Co-:-------:deny
383 > everyone@:-w-p--a-R-c--s:f-i----:allow
389 > user:42:r-x-----------:f-i----:allow
390 > group:42:-w--D---------:-di----:allow
391 > group:42:--------------:-------:deny
392 > group:42:-w--D---------:-------:allow
393 > group:43:-w--D---------:-di----:deny
394 > group:43:-w--D---------:-------:deny
395 > group@:-----da-------:-------:allow
396 > group:44:--------------:-------:deny
397 > group:44:rw-p-da-------:-------:allow
398 > owner@:--------------:-------:deny
399 > owner@:-------A-W-Co-:-------:allow
400 > group@:--------------:-------:deny
401 > group@:--------------:-------:allow
402 > everyone@:-------A-W-Co-:-------:deny
403 > everyone@:-w-p--a-R-c--s:f-i----:allow
404 > owner@:--------------:-------:deny
405 > owner@:rwxp---A-W-Co-:-------:allow
406 > group@:--------------:-------:deny
407 > group@:rwxp----------:-------:allow
408 > everyone@:-------A-W-Co-:-------:deny
409 > everyone@:rwxp--a-R-c--s:-------:allow
# Same four commands as the previous case. The expected flagless entries for
# group:42 and group:44 and the six-entry tail differ from it.
# NOTE(review): presumably a different mode is applied before the listing;
# that command is not visible here.
413 $ setfacl -a0 group:44:rwapd:allow ddd
414 $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
415 $ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
416 $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
422 > user:42:r-x-----------:f-i----:allow
423 > group:42:-w--D---------:-di----:allow
424 > group:42:--------------:-------:deny
425 > group:42:----D---------:-------:allow
426 > group:43:-w--D---------:-di----:deny
427 > group:43:-w--D---------:-------:deny
428 > group@:-----da-------:-------:allow
429 > group:44:r-------------:-------:deny
430 > group:44:r----da-------:-------:allow
431 > owner@:--------------:-------:deny
432 > owner@:-------A-W-Co-:-------:allow
433 > group@:--------------:-------:deny
434 > group@:--------------:-------:allow
435 > everyone@:-------A-W-Co-:-------:deny
436 > everyone@:-w-p--a-R-c--s:f-i----:allow
437 > owner@:rw-p----------:-------:deny
438 > owner@:--x----A-W-Co-:-------:allow
439 > group@:r-x-----------:-------:deny
440 > group@:-w-p----------:-------:allow
441 > everyone@:-wxp---A-W-Co-:-------:deny
442 > everyone@:r-----a-R-c--s:-------:allow
# As above, plus a flagless user:42:rx allow entry next to the inherit-only
# one. The expected listing gives that flagless entry its own deny entry and
# leaves the f-i entry untouched.
446 $ setfacl -a0 group:44:rwapd:allow ddd
447 $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
448 $ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
449 $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
455 > user:42:r-------------:-------:deny
456 > user:42:r-x-----------:-------:allow
457 > user:42:r-x-----------:f-i----:allow
458 > group:42:-w--D---------:-di----:allow
459 > group:42:-w------------:-------:deny
460 > group:42:-w--D---------:-------:allow
461 > group:43:-w--D---------:-di----:deny
462 > group:43:-w--D---------:-------:deny
463 > group@:-----da-------:-------:allow
464 > group:44:rw-p----------:-------:deny
465 > group:44:rw-p-da-------:-------:allow
466 > owner@:--------------:-------:deny
467 > owner@:-------A-W-Co-:-------:allow
468 > group@:--------------:-------:deny
469 > group@:--------------:-------:allow
470 > everyone@:-------A-W-Co-:-------:deny
471 > everyone@:-w-p--a-R-c--s:f-i----:allow
472 > owner@:-wxp----------:-------:deny
473 > owner@:r------A-W-Co-:-------:allow
474 > group@:rw-p----------:-------:deny
475 > group@:--x-----------:-------:allow
476 > everyone@:r-x----A-W-Co-:-------:deny
477 > everyone@:-w-p--a-R-c--s:-------:allow
# Same commands once more; only the generated deny entry for user:42 differs
# from the previous expected listing (--x instead of r).
# NOTE(review): the step that causes the difference is not visible here.
481 $ setfacl -a0 group:44:rwapd:allow ddd
482 $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
483 $ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
484 $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
491 > user:42:--x-----------:-------:deny
492 > user:42:r-x-----------:-------:allow
493 > user:42:r-x-----------:f-i----:allow
494 > group:42:-w--D---------:-di----:allow
495 > group:42:-w------------:-------:deny
496 > group:42:-w--D---------:-------:allow
497 > group:43:-w--D---------:-di----:deny
498 > group:43:-w--D---------:-------:deny
499 > group@:-----da-------:-------:allow
500 > group:44:rw-p----------:-------:deny
501 > group:44:rw-p-da-------:-------:allow
502 > owner@:--------------:-------:deny
503 > owner@:-------A-W-Co-:-------:allow
504 > group@:--------------:-------:deny
505 > group@:--------------:-------:allow
506 > everyone@:-------A-W-Co-:-------:deny
507 > everyone@:-w-p--a-R-c--s:f-i----:allow
508 > owner@:-wxp----------:-------:deny
509 > owner@:r------A-W-Co-:-------:allow
510 > group@:rw-p----------:-------:deny
511 > group@:--x-----------:-------:allow
512 > everyone@:r-x----A-W-Co-:-------:deny
513 > everyone@:-w-p--a-R-c--s:-------:allow
515 # Test applying ACL to mode.
# Each setfacl below is followed by ls -ld piped through cut, which prints
# only the mode column, so each check is on the mode string that results from
# the ACL. The variations move a deny/allow pair between group@, an
# inherit-only group@ entry, a named group and a named user.
# NOTE(review): the expected mode strings are not visible here.
518 $ setfacl -a0 u:42:rwx:fi:allow ddd
519 $ ls -ld ddd | cut -d' ' -f1
525 $ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd
526 $ ls -ld ddd | cut -d' ' -f1
532 $ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd
533 $ ls -ld ddd | cut -d' ' -f1
539 $ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd
540 $ ls -ld ddd | cut -d' ' -f1
546 $ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd
547 $ ls -ld ddd | cut -d' ' -f1
# Entries with inheritance flags are prepended to ddd; the first expected
# listing is that ACL with the flags intact. The listings after it carry
# flagless versions of some of these entries.
# Worth noting in those later listings: the allow entry that granted user:42
# write_acl/write_owner (Co) with flags f-i shows up as an empty deny/allow
# pair, while the group:43 deny entry keeps its C bit.
# NOTE(review): the commands that produce the later listings are not visible
# here; presumably objects created inside ddd under different modes - confirm.
553 $ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd
554 $ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd
555 $ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
556 $ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
557 $ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
559 > user:41:-w-----A------:f--n---:allow
560 > group:41:r-----a-------:-din---:allow
561 > user:42:-----------Co-:f-i----:allow
562 > user:42:r-x-----------:f-i----:allow
563 > group:42:-w--D---------:-d-n---:deny
564 > group:43:-w---------C--:f-in---:deny
565 > user:43:rwxp----------:-------:allow
566 > owner@:--------------:-------:deny
567 > owner@:rwxp---A-W-Co-:-------:allow
568 > group@:-w-p----------:-------:deny
569 > group@:r-x-----------:-------:allow
570 > everyone@:-w-p---A-W-Co-:-------:deny
571 > everyone@:r-x---a-R-c--s:-------:allow
576 > user:41:-w------------:-------:deny
577 > user:41:-w-----A------:-------:allow
578 > user:42:--------------:-------:deny
579 > user:42:--------------:-------:allow
580 > user:42:--x-----------:-------:deny
581 > user:42:r-x-----------:-------:allow
582 > group:43:-w---------C--:-------:deny
583 > owner@:--x-----------:-------:deny
584 > owner@:rw-p---A-W-Co-:-------:allow
585 > group@:-wxp----------:-------:deny
586 > group@:r-------------:-------:allow
587 > everyone@:-wxp---A-W-Co-:-------:deny
588 > everyone@:r-----a-R-c--s:-------:allow
594 > user:41:-w------------:-------:deny
595 > user:41:-w-----A------:-------:allow
596 > user:42:--------------:-------:deny
597 > user:42:--------------:-------:allow
598 > user:42:r-x-----------:-------:deny
599 > user:42:r-x-----------:-------:allow
600 > group:43:-w---------C--:-------:deny
601 > owner@:--x-----------:-------:deny
602 > owner@:rw-p---A-W-Co-:-------:allow
603 > group@:rwxp----------:-------:deny
604 > group@:--------------:-------:allow
605 > everyone@:rwxp---A-W-Co-:-------:deny
606 > everyone@:------a-R-c--s:-------:allow
612 > user:41:-w------------:-------:deny
613 > user:41:-w-----A------:-------:allow
614 > user:42:--------------:-------:deny
615 > user:42:--------------:-------:allow
616 > user:42:r-x-----------:-------:deny
617 > user:42:r-x-----------:-------:allow
618 > group:43:-w---------C--:-------:deny
619 > owner@:rwxp----------:-------:deny
620 > owner@:-------A-W-Co-:-------:allow
621 > group@:rwxp----------:-------:deny
622 > group@:--------------:-------:allow
623 > everyone@:--x----A-W-Co-:-------:deny
624 > everyone@:rw-p--a-R-c--s:-------:allow
630 > user:41:--------------:-------:deny
631 > user:41:-w-----A------:-------:allow
632 > user:42:--------------:-------:deny
633 > user:42:--------------:-------:allow
634 > user:42:--x-----------:-------:deny
635 > user:42:r-x-----------:-------:allow
636 > group:43:-w---------C--:-------:deny
637 > owner@:rwxp----------:-------:deny
638 > owner@:-------A-W-Co-:-------:allow
639 > group@:--x-----------:-------:deny
640 > group@:rw-p----------:-------:allow
641 > everyone@:rwxp---A-W-Co-:-------:deny
642 > everyone@:------a-R-c--s:-------:allow
647 > group:41:r-------------:-------:deny
648 > group:41:r-----a-------:-------:allow
649 > user:42:-----------Co-:f-i----:allow
650 > user:42:r-x-----------:f-i----:allow
651 > group:42:-w--D---------:-------:deny
652 > owner@:--------------:-------:deny
653 > owner@:rwxp---A-W-Co-:-------:allow
654 > group@:rwxp----------:-------:deny
655 > group@:--------------:-------:allow
656 > everyone@:rwxp---A-W-Co-:-------:deny
657 > everyone@:------a-R-c--s:-------:allow
663 > group:41:r-------------:-------:deny
664 > group:41:r-----a-------:-------:allow
665 > user:42:-----------Co-:f-i----:allow
666 > user:42:r-x-----------:f-i----:allow
667 > group:42:-w--D---------:-------:deny
668 > owner@:rwxp----------:-------:deny
669 > owner@:-------A-W-Co-:-------:allow
670 > group@:rwxp----------:-------:deny
671 > group@:--------------:-------:allow
672 > everyone@:-------A-W-Co-:-------:deny
673 > everyone@:rwxp--a-R-c--s:-------:allow
679 > group:41:--------------:-------:deny
680 > group:41:------a-------:-------:allow
681 > user:42:-----------Co-:f-i----:allow
682 > user:42:r-x-----------:f-i----:allow
683 > group:42:-w--D---------:-------:deny
684 > owner@:rwxp----------:-------:deny
685 > owner@:-------A-W-Co-:-------:allow
686 > group@:--------------:-------:deny
687 > group@:rwxp----------:-------:allow
688 > everyone@:rwxp---A-W-Co-:-------:deny
689 > everyone@:------a-R-c--s:-------:allow
691 # There is some complication regarding how write_acl and write_owner flags
692 # get inherited. Make sure we got it right.
# Twelve allow entries granting only write_acl/write_owner (Co) are prepended
# to the ACL of the current directory, one per combination of the f, d, i and
# n inheritance flags (users 42 through 53).
# In both expected listings the flagless entries derived from them are empty
# deny/allow pairs: the C and o bits do not reach the new object through an
# inherited allow entry. Co survives only on the entries that remain
# inheritable (flags fdi, -di, f-i) in the second listing.
# The first listing contains only users whose entry had the f flag, the
# second only users whose entry had the d flag or stays inheritable.
# NOTE(review): the commands that create and list the new objects are not
# visible here; presumably a file first and a directory second - confirm.
694 $ setfacl -a0 u:42:Co:f:allow .
695 $ setfacl -a0 u:43:Co:d:allow .
696 $ setfacl -a0 u:44:Co:fd:allow .
697 $ setfacl -a0 u:45:Co:fi:allow .
698 $ setfacl -a0 u:46:Co:di:allow .
699 $ setfacl -a0 u:47:Co:fdi:allow .
700 $ setfacl -a0 u:48:Co:fn:allow .
701 $ setfacl -a0 u:49:Co:dn:allow .
702 $ setfacl -a0 u:50:Co:fdn:allow .
703 $ setfacl -a0 u:51:Co:fni:allow .
704 $ setfacl -a0 u:52:Co:dni:allow .
705 $ setfacl -a0 u:53:Co:fdni:allow .
710 > user:53:--------------:-------:deny
711 > user:53:--------------:-------:allow
712 > user:51:--------------:-------:deny
713 > user:51:--------------:-------:allow
714 > user:50:--------------:-------:deny
715 > user:50:--------------:-------:allow
716 > user:48:--------------:-------:deny
717 > user:48:--------------:-------:allow
718 > user:47:--------------:-------:deny
719 > user:47:--------------:-------:allow
720 > user:45:--------------:-------:deny
721 > user:45:--------------:-------:allow
722 > user:44:--------------:-------:deny
723 > user:44:--------------:-------:allow
724 > user:42:--------------:-------:deny
725 > user:42:--------------:-------:allow
726 > owner@:--x-----------:-------:deny
727 > owner@:rw-p---A-W-Co-:-------:allow
728 > group@:-wxp----------:-------:deny
729 > group@:r-------------:-------:allow
730 > everyone@:-wxp---A-W-Co-:-------:deny
731 > everyone@:r-----a-R-c--s:-------:allow
736 > user:53:--------------:-------:deny
737 > user:53:--------------:-------:allow
738 > user:52:--------------:-------:deny
739 > user:52:--------------:-------:allow
740 > user:50:--------------:-------:deny
741 > user:50:--------------:-------:allow
742 > user:49:--------------:-------:deny
743 > user:49:--------------:-------:allow
744 > user:47:-----------Co-:fdi----:allow
745 > user:47:--------------:-------:deny
746 > user:47:--------------:-------:allow
747 > user:46:-----------Co-:-di----:allow
748 > user:46:--------------:-------:deny
749 > user:46:--------------:-------:allow
750 > user:45:-----------Co-:f-i----:allow
751 > user:44:-----------Co-:fdi----:allow
752 > user:44:--------------:-------:deny
753 > user:44:--------------:-------:allow
754 > user:43:-----------Co-:-di----:allow
755 > user:43:--------------:-------:deny
756 > user:43:--------------:-------:allow
757 > user:42:-----------Co-:f-i----:allow
758 > owner@:--------------:-------:deny
759 > owner@:rwxp---A-W-Co-:-------:allow
760 > group@:-w-p----------:-------:deny
761 > group@:r-x-----------:-------:allow
762 > everyone@:-w-p---A-W-Co-:-------:deny
763 > everyone@:r-x---a-R-c--s:-------:allow
# The same twelve flag combinations as deny entries. Here the expected
# listings keep Co on the derived flagless entries: an inherited deny still
# denies write_acl and write_owner, and no extra deny/allow pair is generated
# around it.
# NOTE(review): as above, the commands producing the two listings are not
# visible here.
766 $ setfacl -a0 u:42:Co:f:deny .
767 $ setfacl -a0 u:43:Co:d:deny .
768 $ setfacl -a0 u:44:Co:fd:deny .
769 $ setfacl -a0 u:45:Co:fi:deny .
770 $ setfacl -a0 u:46:Co:di:deny .
771 $ setfacl -a0 u:47:Co:fdi:deny .
772 $ setfacl -a0 u:48:Co:fn:deny .
773 $ setfacl -a0 u:49:Co:dn:deny .
774 $ setfacl -a0 u:50:Co:fdn:deny .
775 $ setfacl -a0 u:51:Co:fni:deny .
776 $ setfacl -a0 u:52:Co:dni:deny .
777 $ setfacl -a0 u:53:Co:fdni:deny .
782 > user:53:-----------Co-:-------:deny
783 > user:51:-----------Co-:-------:deny
784 > user:50:-----------Co-:-------:deny
785 > user:48:-----------Co-:-------:deny
786 > user:47:-----------Co-:-------:deny
787 > user:45:-----------Co-:-------:deny
788 > user:44:-----------Co-:-------:deny
789 > user:42:-----------Co-:-------:deny
790 > owner@:--x-----------:-------:deny
791 > owner@:rw-p---A-W-Co-:-------:allow
792 > group@:-wxp----------:-------:deny
793 > group@:r-------------:-------:allow
794 > everyone@:-wxp---A-W-Co-:-------:deny
795 > everyone@:r-----a-R-c--s:-------:allow
800 > user:53:-----------Co-:-------:deny
801 > user:52:-----------Co-:-------:deny
802 > user:50:-----------Co-:-------:deny
803 > user:49:-----------Co-:-------:deny
804 > user:47:-----------Co-:fdi----:deny
805 > user:47:-----------Co-:-------:deny
806 > user:46:-----------Co-:-di----:deny
807 > user:46:-----------Co-:-------:deny
808 > user:45:-----------Co-:f-i----:deny
809 > user:44:-----------Co-:fdi----:deny
810 > user:44:-----------Co-:-------:deny
811 > user:43:-----------Co-:-di----:deny
812 > user:43:-----------Co-:-------:deny
813 > user:42:-----------Co-:f-i----:deny
814 > owner@:--------------:-------:deny
815 > owner@:rwxp---A-W-Co-:-------:allow
816 > group@:-w-p----------:-------:deny
817 > group@:r-x-----------:-------:allow
818 > everyone@:-w-p---A-W-Co-:-------:deny
819 > everyone@:r-x---a-R-c--s:-------:allow
827 # Test basic recursive setting of ACLs.
# full_set expands to all fourteen permission letters (rwxpDdaARWcCos) in the
# expected listings. -m rewrites the matching allow entries in place; the
# deny entries ahead of them are unchanged, so each listing still denies
# group@ and everyone@ some permissions before their full_set allow entry is
# reached. Entry order, not the allow entry alone, decides the result.
# The f flag requested for owner@ appears in two of the four expected
# listings and is absent from the other two, including ddd/eee/yyy.
# NOTE(review): presumably directories keep the flag and regular files drop
# it; the commands that build the tree and print the first three listings
# are not visible here - confirm.
832 $ setfacl -R -m owner@:full_set:f:allow,group@:full_set::allow,everyone@:full_set::allow ddd
834 > owner@:--------------:-------:deny
835 > owner@:rwxpDdaARWcCos:f------:allow
836 > group@:-w-p----------:-------:deny
837 > group@:rwxpDdaARWcCos:-------:allow
838 > everyone@:-w-p---A-W-Co-:-------:deny
839 > everyone@:rwxpDdaARWcCos:-------:allow
841 > owner@:--x-----------:-------:deny
842 > owner@:rwxpDdaARWcCos:-------:allow
843 > group@:-wxp----------:-------:deny
844 > group@:rwxpDdaARWcCos:-------:allow
845 > everyone@:-wxp---A-W-Co-:-------:deny
846 > everyone@:rwxpDdaARWcCos:-------:allow
848 > owner@:--------------:-------:deny
849 > owner@:rwxpDdaARWcCos:f------:allow
850 > group@:-w-p----------:-------:deny
851 > group@:rwxpDdaARWcCos:-------:allow
852 > everyone@:-w-p---A-W-Co-:-------:deny
853 > everyone@:rwxpDdaARWcCos:-------:allow
# Two levels below ddd: the recursive change is expected to have reached it.
854 $ getfacl -q ddd/eee/yyy
855 > owner@:--x-----------:-------:deny
856 > owner@:rwxpDdaARWcCos:-------:allow
857 > group@:-wxp----------:-------:deny
858 > group@:rwxpDdaARWcCos:-------:allow
859 > everyone@:-wxp---A-W-Co-:-------:deny
860 > everyone@:rwxpDdaARWcCos:-------:allow